Posted by Soulskill on Saturday July 04, 2009 @08:29AM
from the totally-unbiased-no-really dept.

thefickler writes "Clearly, the rise of free antivirus is starting to worry Symantec, with one of their top executives warning consumers not to rely on free antivirus software (including Microsoft's Security Essentials). 'If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,' said David Hall, a Product Manager for Symantec. According to Hall, there is a widening gap between people's understanding of what protection they need and the threats they're actually facing."

"IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program [theregister.co.uk] attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death."

No, Symantec provides a removal tool so that they can make it such a pain in the ass for any home or small business user trying to uninstall it that they just stick with the Symantec product, but that the people who are *really sure about being sure about being sure they wanna uninstall Symantec* can go find the "easily listed" removal tool on the website - because they have to provide at least that to get through the legal loopholes about the customer being the one to choose if they drop the product and go somewhere else...

Rather than advocating a specific anti-virus product, I feel that the question is how do you know you need anti-virus. I would recommend choosing two anti-virus products and keeping them up to date for the shortest subscription period allowed. During this time, work as usual, and take note of any virus alert you get, and how that happens. Get rid of the anti-virus that doesn't appear to be as effective (and recommend the remaining one to other people). Also adjust your computer-using habits until you get no virus alerts. Then make sure you keep your habits within the confines of rules you find working well for you, so you don't get virus alerts. Then get rid of the anti-virus software altogether.

I regard anti-virus software as some sort of potty training. You only need it until you find out what behavior will get you into trouble.

I run Linux as well, however what you just said applies to a Linux user not running as root. Unfortunately many people I know who should know better are quite happy logging in as root and this can lead to issues not unlike those affecting a Microsoft OS. All machines I set up or even manage are set up such that you cannot login as root either via telnet (now deprecated) or ssh. Of course that won't stop people logging in as root on the console in the case of a personal computer or workstation.

From personal experience Linux in the enterprise requires Anti Virus protection at least for those machines that are internet facing not because Linux is actually affected by malware associated with Microsoft OS's and applications but because you need to protect any Microsoft products that may connect to the Linux machines. It has never ceased to amaze me that many businesses see this as normal and it is utterly pointless to try and explain to them what is wrong with this picture.

Unless, of course, you make the antivirus itself pop up a simple "Yes/No" dialog when it's attempted to be uninstalled, warning that malware could be the one behind it. That's what Avast! did last time I uninstalled it, it's simple, efficient, and the antivirus app doesn't get classified by *me* as malware unlike dear old Norton.

Right. because there is no way malware could click 'yes'. Hate to break it to you, but there is all kinds of software out there to do this.

It's one of the reasons Vista's UAC prompts are so 'intrusive', because it tries to shunt the dialog box into a 'secure safe mode'... specifically so that other programs, services, etc can't send windows messages, keystrokes, etc to the dialog box and press "allow" for you.

Symantec provided a removal tool because their idiot programmers couldn't be assed to write a proper uninstaller for their shite product.

So basically what you're saying is that the idiot programmers used their ass to write a shoddy piece of code that you need a third party uninstaller to remove?

Yeah that sounds about right actually. And I'm finding the whole of the article, including Hall's bullshit spew to be absolutely hysterical, given that their product runs like a 5,000 pound pig in a 300 pound pig pen. Perhaps if they weren't so bloody quick to obsolete their products on a year to year basis, and trying to push out a new version every year that has even more bloat in it than the last year -- perhaps people wouldn't be so quick to rely on "free" anti-virus solutions as an alternative

"Symantec provided a removal tool because their idiot programmers couldn't be assed to write a proper uninstaller for their shite product."

Symantec products used to be good in the DOS/early Windows 95 days; now they are just garbage and add no real value. I could never defrag my hard drive in XP using later versions of Norton defrag, etc., because of hard disk locking issues, because their clueless programmers could not figure out NTFS.

I also hate what they did to Partition Magic when they bought out PowerQuest. It seems to me anything that gets acquired by Symantec turns to shit.

They used to be a good company, now one only uses their products "at arms length" I hate installing their anti virus software and usually only run it from CD/DVD.

They had a few good programs: Their old dos norton utilities and the DOS versions of Ghost - quick, clean simple utilities, what I wouldn't give for someone to make good utilities again.

but that's what he goes on to explain later. He says: "What you need is a pre-emptive strike. Fight fire with fire! Install one of our products and we'll break your computer until it's in an unusable state. I'd like to see you catch a virus when your internet doesn't work and your computer takes 10 minutes to boot."

Most of those posts aren't current, but let me assure you that Symantec Endpoint Protection still does this shit.

We use it at work, and I've discovered the suite does something really retarded: There's a part of it they call "network threat protection"; because of the overblown name, it took me a bit of googling to figure out that the thing is literally nothing more than a cheap little firewall. However, unlike real firewalls, if you do something it doesn't like - run the FTP client that comes with Windows, run the Windows wget binary, try to install a program over the network, try to use certain software - it will crash. And when it crashes, it will take down the entire Windows network stack. And when the Windows network stack goes down, the computer becomes unusable and you have to cut the power.

Note that this isn't some sort of retarded blocking behavior; although NTP is installed, the traffic rules are set to basically "block two or three inconsequential things, allow otherwise". We ended up having to uninstall it on the computers of the people who were most affected.

If you make a product and then make a new version how can the new version freakout and break because you once had the older version made by the same company?

That's a pretty easy question. You skip the regression testing phase. Or maybe they trusted the OS too much, moved a function from one dll to another, changed how the function worked, and forgot to have the update script remove the dll from the OS. If the program gets the invalid response from the older function, it might cause problems. Anyway you work this, it all comes down to them not testing enough.

If there were any high-quality for-pay alternatives, I'd say he might have a point.

Unfortunately, most antivirus software sucks, with Symantec more or less epitomizing how good ideas on paper can turn into terrible/buggy/bloated security software that actually increases your exposure [msn.com] since it adds another node malicious code can attack. Symantec's argument-from-assertion notwithstanding, there doesn't seem to be any correlation between antivirus software being for-pay and higher quality.

From my experience, there's really bad antivirus software (such as Norton, which I have zero confidence in and would never let touch my machine), and slightly less bad antivirus software. What went wrong? Why does this industry suck so badly? Anyone have any insight?

Personally I have a lot of respect for ESET's AV (specifically NOD32) because it's fast and does the job.

But since they don't target consumers so aggressively (unlike Symantec with Norton, who manage to get difficult-to-remove trial versions on tons of laptops at the point of sale) they don't exactly have a very big following. In fact, outside of business and tech circles, I assume they're completely unknown. So I suppose what went wrong, is that AV companies had to dump ethics to get well known. The decent ones who respect the end user and state of the machine (as opposed to "sticky" trial software and the like) end up at the bottom of the barrel. The industry is "upside down".

The fundamental problem is that Microsoft makes more money if there are security problems in Windows.

OpenBSD [openbsd.org] doesn't require anti-virus and anti-spyware programs partly because it was written to be secure. Apple's Mac OS X [apple.com] is based on BSD, and users rarely have problems with that operating system being insecure.

Amazingly, Microsoft is not only supplying insecure software, it is charging for programs to fix the insecurities!!! See Windows Live OneCare [live.com].

Microsoft charges Microsoft Windows users $50 for software to fix problems in Windows! Windows Live OneCare has "Antivirus and antispyware all in one" [live.com]. More: "Two-way firewall helps stop hackers in their tracks". Hmmm, Microsoft, if Windows needs a "Two-way firewall", and it certainly does, why do you supply a one-way firewall with Windows???

See Windows Live OneCare Gripes [computergripes.com]. Quote: "Create the problem, then charge people money to solve it." Another quote: "Why should Microsoft profit from the plague of viruses and Spyware? Shouldn't it have designed Windows better to begin with? And if it has indeed found a way to protect Windows, isn't it a tad exploitative to charge for it? Microsoft has no convincing answer for these questions . .."

Another quote: "McAfee, Symantec and Microsoft (with Windows Live OneCare) all set your credit card up for automatic renewals when you purchase their security software on-line.... the gripe is that you can't opt out of this during the purchase. OneCare is the most difficult of the three to opt out of. In fact, you can't. Instead you must must cancel your subscription altogether by calling 866-663-2273."

To me, it seems like this: Testing... Testing... How much abuse will computer users accept?

Maybe it's because Linux and BSD aren't popular platforms for most home users. OSX is 8% - which is large, but considering the rest of that is Windows (most people pin Linux at around 1% on the desktop it seems).

OneCare has been discontinued. The scanning engine it was based on, along with definition updates, are now available free. If you'd even bothered to read *anything* about the product related to this article, you'd know that.

Windows does ship with a two-way firewall, and it's remarkably powerful and versatile. OneCare was basically a giant patch for those fools still running an 8-year-old OS.

"designed Windows better..." You can't fix stupid. The OS itself is pretty damn secure these days, much more so than (for example) OS X - see the Pwn2Own contests and the competitor's comments for an interesting case study. Actually exploiting Windows pretty much requires third-party software, and even then you have to deal with security features that no other os *except* OpenBSD has fully implemented (DEP, ASLR, etc.). What most malware for Windows (and usually for other platforms too) is, these days, is Trojans. Not a lot your OS can do to protect you from those. See the Dancing Pigs [wikipedia.org] (or Bunnies [msdn.com]) Problem. Pop up a warning dialog? Users will click right through it. Make them run as non-Administrators? They'll gain whatever rights the program says it needs (in the case of Trojan-infected installers, you would probably need admin rights anyhow). Antivirus provides only a very small amount of protection against this, but I suppose if you're going to have that kind of person online anyhow they should have that protection. If a company wants to charge more to protect against that stupidity, though, I don't see that as being so evil.

I called ESET (US) to buy their product, they couldn't sell it to me. Pretty typical, they referred me to some shitty online retailer. I called my CDW rep (as I often do spending larger $ amounts), and I actually had to introduce him to their product. They got it worked out, and now CDW sells ESET products. Anyway, it was ridiculous... CDW has pretty much everything, (they're just usually not the cheapest), but they had nothing for ESET in the DB, which I found amazing.

+1 for NOD32. Best combo of fast and accurate out there. I will say that turning off "scan on write" on older computers in any virus engine often gives a great speed boost, NOD32 included. I have found that speed/security tradeoff to be worth it, as files are still scanned on read, and on scheduled full scans.

I agree that most for-pay software sucks in this regard, just look at any corporate network. Most computers have terrible performance and still wind up spreading worms and viruses.

I think the key here is that the company is telling us we need his product. In other news, a consultant came to the conclusion that we need more consulting, GM told me I need a new car, and McDonald's told me I need a McBurger. No shit, a company telling me I need their products? Nothing to see here, move along, look for an unbiased neutral party.

Unfortunately, these have become hard to find in our pay to play economy. And being able to tell who is a good unbiased source of information is a monumental challenge. So far, the only thing that seems to be for sure is that the louder and more often someone says that they are unbiased and neutral the less they are. I would throw out some names and advertising slogans but, I'm not wearing my flame-proof underwear (AC).

I work for technical support for a telephone company ISP. One of my trouble shooting steps (of course when the modem is up and signal good) is to uninstall Norton if system restore does not work. That often fixes the problem. I'm sure there is a use for it out there, but why would you allow a simple home user to disable their internet connection and NOT be able to enable it without uninstalling the program?

I've seen a number of computers that appear to be setup right but will not work until you uninstall Norton.. I'm not really sure how/why that could happen but it's not a settings problem.

O and if that doesn't work, lspfix found here http://www.cexx.org/lspfix.htm [cexx.org] if you don't already know as it will save you a lot of time and I know in your type of job your boss is up your ass about getting people off the line but the problem is though you are trying to fix it over the phone so how do you get the program to

It's not just AV software. The entire software industry operates this way.

1. Shovel feature-rich bug-ware onto unsuspecting schlubs to build "brand" (especially in the enterprise/IT market where the person purchasing the software is often not the person who has to use it, so they make decisions based on feature list and brand name rather than quality)
2. Wait for hobbyists, researchers, or smaller companies to figure out how to do it right
3. Buy their companies
4. Repeat

Remember when Norton was actually decent? It was before Symantec bought them. After the acquisition, Symantec went back to Step 1 and gradually bloated and encrapified the antivirus. Now they are on Step 2. I wouldn't be surprised if they bought up someone like TrendMicro soon, spouting promises of a glorious and euphoria-inducing Norton/PC-cillin integration.

Symantec has cleaned up their performance and bloat issues in internet security 2009. I have some machines running Norton, some running McAfee, using freeware stuff like Spybot, AVG and NoScript as additional lines of defense. Norton is definitely faster and smaller than McAfee this year and doesn't put perceptible overhead on any of the machines where I have it installed, including the old Athlon single core. McAfee chews up a full core of a CPU for a minute or so when it installs updates and the full scan

What went wrong? Why does this industry suck so badly? Anyone have any insight?

Disclaimer: I'm not any particular expert.

My guess is that at least part of the problem is that the only thing that AV software seems to do well is basically signature-based detection, which they had down pat a couple decades ago. So for the past few decades, mostly AV software only needed updates to work with new operating systems, bug fixes, and new signatures.

Now the only real problem with that is that these companies all want to release a new version of their software every year and have everyone re-buy it, because (for psychological reasons) people will pay more for that (or a subscription to receive "free" updates) than they'll pay for signature updates. This puts the companies in a position where it makes sense to throw some new bells and whistles into their product every year, whether or not they're sensible or effective. That leads to bloat.

It will tell you what programs you need to update. It will tell you every 1 to 3 days that you have a problem with Word, Excel, IE, Flash, Adobe Acrobat, etc, etc and really need to download the update from whichever company's website. It's made me decide to switch to Linux just out of sheer annoyance... It's really funny how the update programs that litter my proces

Of course they say that. They are in the business of scaring people into buying their crap so they think they are safe -- when in actuality their vict^Wcustomers get pwned by exploitable holes in IE anydangway.

Exactly, they'd say exactly the same even if Microsoft's solution was wonderful and Symantec was left selling rocks to keep tigers away. I think it's a smart move by Microsoft in crunch times, it's lowering the cost of using the platform without lowering the income of Microsoft. Also, analyzing viruses gives them lots of information on bugs they ought to sort out and patch in the source software anyway. By baking it into the cost of Windows they're basically giving themselves free market share, and there's no

And you just hit right on the head the biggest security measure you can do - get them off IE! I have found by getting them off IE, either with FF, Seamonkey (the older folks seem to prefer its Netscape style layout to FF), Kmeleon (for older machines) or Flock (for those into social networking) the rate of infection goes WAY down with my users.

The second biggest security advice I can give is don't make your users think. I have Comodo [comodo.com] set to auto scan nightly based on their usage patterns, Spybot set to do the same, Foxit [foxitsoftware.com] does its own updates, Windows set to autoupdate, etc. I have found that by relying on the user as little as possible it helps to keep the system up to date and less of a target. Relying on the user is how so many end up with a four year old out of date Symantec "product" as the only AV on a user's machine.

But I personally think it is funny that the head of Symantec is warning about free AVs, when oftentimes his "product" will drag a machine to its knees worse than any malware infection! When I hand the customer a box that previously had Symantec their machine with something like Comodo installed the first thing they comment on is how much faster their machine is, which is kinda sad, as once upon a time (during the days of DOS and Win9X) Norton was a sign of quality. But like most things Symantec touches Norton turned to crap. BTW, is there any product that Symantec bought that hasn't turned to crap?

Unfortunately, your post is terribly worded. There haven't been as many holes in IE over the years as some other browsers.

FF3.5: 0, currently (it just came out 2 days ago)
FF3.0: http://secunia.com/advisories/product/19089/ 81 vulnerabilities
FF2.0: http://secunia.com/advisories/product/12434/ 154 vulnerabilities
IE6: http://secunia.com/advisories/product/11/ 154 vulnerabilities
IE7: http://secunia.com/advisories/product/12366/ 84 vulnerabilities
IE8: http://secunia.com/advisories/product/21625/ 8 vulnerabilitie

And *that* is a crap statistic; it does nothing to describe the severities of the vulnerabilities, the vendor response, or the amount of time each was left unpatched. Who cares if FF had 184 vulnerabilities and IE 1, if the FF ones were hard to exploit and patched within a few days and the IE one was left open all year and readily attackable by script kiddies?

You're right, it doesn't explain anything about vendor response. But in almost every severe case of a worm or trojan infecting Windows, at least ones that got large enough to gain media attention (Code Red, Blaster, Storm)--the vendor had a patch out that was available long before the worms existed.

This is proven and very well known. Even Storm's exploit was fixed in October of 2008, many months before the botnet gained media attention.

There are Windows installation methods and procedures that people on Wind

In the end it boils down to what actual malware is out there in the wild.

"exploit statistics" are just numbers that are abused by people that need to make up excuses for not being willing to dump crap and just use a better product.

It's not the number of buffer overflow bugs in Firefox, it's the number of actual trojans in the wild for Explorer.

Microsoft for a long time has suffered from this strange idea that they can enhance the end user experience by allowing any piece of crap code from any untrusted source to execute by default and run amok in the system.

Here's their problem - the malware/virus guys have been working against their products for so long now, they KNOW how they work, and with the level of embeddedness these programs have in the operating system, the m/v guys have figured out now all they have to do is exploit the security software - they can handily shut it off while making it appear to the user it is still on... ahem... and do what they want. Having cleaned some very nasty stuff off of both Symantec's and McAfee's premiere CONSUMER products t

You are mixing stuff. On Windows, ClamAV is the only OSS solution, and it doesn't (yet) have decent support for on-access scanning (It is possible to use WinPooch to do it, but WinPooch is unmaintained and not compatible with Vista or XP SP3). This is mostly because the developers of ClamAV are more focused on using it for server side email scanning and so forth.

So sure, an OSS solution for on-access scanning on workstations would be attractive for lots of reasons, but there isn't one right now, so it doesn

Although, I have to admit, their product improved considerably over the last 2 years. Instead of just saying "They got a really good looking box" (because I should not say anything bad about them), I can now also say "and you can easily get rid of them now too!"

Faulty logic. You're assuming that they are capable of writing good malware, but not capable of writing good anti-malware software. It's more likely that their malware sucks just as much as their other products, and so doesn't proliferate in the wild.

I know that myth stays in circulation, but trust me: AV companies do not write malware. For two reasons:

First, AV companies do talk a lot. Not only at conferences. There's a well built and solid network of sample exchange between them. Of course, you delay it a few hours or a day before you forward your new samples to the others so you can have a 'first', but a global malware detection array is in nobody's budget possible. So they split the world and detect together. Should it become known that you spew malware yourself, you're OUT. And that means you're dead.

And second, why bother the cost? You get the malware for free anyway. There are people who make it their (illegal, but who cares?) business to write and spread it. Why should I invest money into something I get free of charge?

If the choice were only: install Symantec or get a virus, then that's a really difficult choice. I'd be inclined to risk the virus, since Symantec invades and slows your system in a worse way than many infections.

Fortunately, there are many free anti-virus products that work better than Symantec. It's a no-brainer choice. Free is cheaper and better.

I have no understanding of how Symantec remains in business. There's something deeply wrong with that.

I wish they were as good at creating AV software as they were at FUD. Symantec is an industry-wide joke, and the only reason I know of that it's still used is because of its management tools.

I was looking at the email server security plugin for Exchange, and was just amazed at what a shitty product it was. It was like a brain-dead version of Postfix. It's very clear that whoever wrote it had little understanding of email security beyond scanning email for viruses. It was just a joke, but an incredibly e

I have no understanding of how Symantec remains in business. There's something deeply wrong with that.

That's easy - software bundle contracts with all major computer vendors, branding and market exposure, plus they seem to always be available for interviews with '60 minutes' every time there's a trojan/virus outbreak like Conficker. This all culminates into ordinary people looking at anti-virus boxes on retail store shelves, seeing 'Symantic' and triggering that name from wherever they heard or saw it befor

If you act as if you were the godking of antivirus, you will start to ignore your flaws. If you then are so strong in that belief, that you pull others into it, they will start to ignore them too. As you might imagine, this is quite easy with the uninformed masses, who never have seen anything else. I mean that "Dr. Norton" with his white doctor coat, his cool name, and all this... He looks so sure of himself. And others have it too. So it must be good. Even if it is bad there, and there, and there, and there, etc.

It's the same thing that makes you believe a medical doctor actually had any more competence than a better pharmacist. And him stating "there is no cure" except of "I did not go to a further training for the last three decades, and just don't know a cure, but there might be one, and we still have to find it", does not help it. (This is his delusional dominant reality in action.)

It is also the thing that can make you good at dating, pickup, etc. (Don't listen to the Mystery method losers and their a million and one imitators. That stuff is outdated for at least a decade now.)

If I grew bananas, I would warn everyone that free bananas could be detrimental to their health. After all, consumers have no idea how hard it is to grow good bananas. Free bananas could leave them lacking in any number of impossible to define vitamins and minerals.

As a software author, I've found that free anti-virus, like Avira and Avast, is pretty good, given my understanding of computers, email, spam, and security threats. Symantec are just creating FUD. I used to use Norton Security software, but found that it just slows down a Windows XP machine far too much, guesstimate 15 to 20%. The UI would take ages to load. Symantec might be good for the peons, but for experts the performance hit is too much. Expert users can find better, cheaper, and faster working solutions.

I won't run Symantec on my network. When I first took over, everything was Symantec 11, and it was just horrifyingly bad. Pretty much every time I logged into my workstation, I had to kill the rtvscan process, and users were always complaining. When the license renewal came in, I just crumpled it up and threw it in the garbage. I had had some experience with F-Prot from when I was working at a small ISP, and decided "what the hell". The licenses were cheap (I did forty computers for $200 a year), it's very lightweight and while I can't do remote scans and the like, the LAN version is dead-dog simple, it just copies the definitions from the server. Even then, it still screws up on occasion, but a helluva lot less than Symantec ever did.

The fact that Windows needs AV to the extreme extent that it does just boggles the mind. And now that Microsoft are providing their own free AV solution as a cheaper solution to actually fixing Windows security sounds like Microsoft trying to pull a fast one while at the same time push into yet another software market. Why should I trust a Microsoft AV solution, when I find it so hard to trust Windows and any other Microsoft product in terms of security? They might get it right at the product launch, but I

I can second this whole-heartedly. I work in a computer shop, and I can personally testify that these two products catch more infections than anything Symantec, McAfee, or Trend Micro EVER came out with. I still recommend Malwarebytes Antimalware [malwarebytes.org] as a supplementary spyware scanner, but Avast and Avira are definitely my favorite for main protection.

The reason you are steadily losing market share has less to do with the availability of reasonably good antivirus software for free, and more to do with the staggeringly awful quality of your own products. Norton Internet Security was so completely terrible, that not only did it fail to stop critical attacks, but it slowed down systems more than the worst available spyware infections. Removing those spyware infections was also easier than removing your software, because the uninstaller would fail more often than it would function. I began to keep the latest version of the Symantec removal tool in my kit because it was better to assume the uninstall would fail, and not bother to use it. Until I managed to get a significant portion of my clients away from your products, they paid me to fix problems with your software more often than any other single product by a factor of 10. At this point, even if your company came out with the perfect security product, I would advise my clients not to buy it purely based on past experience, because you do not deserve their money.

I'm just saying... From what I hear from pretty much everything and every test, is that they have the worst piece of shit of a useless resource hog with no detection rate in the whole industry, including free solutions.

In my experience (which is fixing other people's Windows infested crap) the most reliable way of detecting a virus is to run from a Linux livecd.

Download clamav, then check the drive.

The reason I say it is better is because many virus/malware disable AV features in Windows so you can never be 100% sure - I know you can get clamwin but again some 'bad thing' could have disabled some of its features... and Linux allows you to write to folders that would normally be protected by the system (I know there is an obvious danger to this).

There have been at least 2 cases in the last month where a Vista machine (one had Norton and signed up to OneCare...) which had AV protection was not able to completely get rid of a trojan - even using clamwin - clamav in Linux sorted it.

You know what is really a non-protection in AV? Products from large companies. No, really.

Malware is today routinely tested against the big players before it's leaving the door. More and more often, you also see protection against specific AV suits (Norton, McAfee, Kaspersky are amongst the top on that list), where the malware specifically tries to disable those AV suits or at least blocks updates.

Malware protecting against smaller players in the AV field is rare. Market dictates that. It does not pay to protect your malware against an AV suite the market share of which is less than 5 percent.

So, I essentially agree with him: MS Antivirus will offer... well, let me say not the best protection, because EVERY piece of malware will be tested and hardened against it. But, and I guess Mr. Hall will not enjoy that, Symantec doesn't offer protection any better, because, since they're big enough with a big enough market share, they, too, are on the malware writer's radar.

I agree, all free antivirus sucks, so does all paid for software.
However there is a magical amulet which will protect you from all computer attacks, I happen to be selling these items for a very reasonable price.

I personally am very vocal about my hate of purchased anti-viruses for end users.

Most of the home user computers I've seen use some kind of outdated anti-virus technology that wasn't updated in ages. They purchase the computer, they got a 90 days free AV deal, then weeks before it ends up, they are asked to subscribe to this crap for some kind of amount, they say "later", next reboot "later", next reboot "later", next reboot GAAAH "never! there!", and they are stuck with that piece of crap that slows down their computer then gives them a false impression of security "because they got Norton installed", even if they totally forgot they even had to subscribe.

Even worse are the computers with some outdated version of the software that isn't even updated anymore, like they got this 3 year old version of (example) Symantec they purchased, asked for the year update, then got a message about that brand new (shiny) version with more features. They said no because they aren't doing anything fancy with their computers. Now they are stuck with some 3 year old solution that isn't updated anymore. How appropriate.

So my suggestion for all the computer users: don't use a bundled anti-virus unless you get explained what's the deal pay their due diligence every time they are asking for it. Then, they are very good (usually vastly superior) products. -- Instead, use some free anti-virus, like AVG, that will automatically update every day, and won't become outdated, and you won't have a popup message asking for money or else... Use spybot for the lesser evils. There, you are free of pains.

Symantec is taking a page right out of the Republican/Democrat "anti (not for profit) universal health care" handbook. Instead of having universal single payer health care that would cover us all, for the good of mankind... the special interest groups are spreading FUD because they would lose profit and power.

Same thing with Symantec. They would have you believe that Free AV would destroy humanity itself and leave you unprotected. Symantec would have you believe that only they can protect you properly.

The reality is free AV will help prevent the spread of virii thanks to more people having anti virus software.

Apparently Symantec doesn't really care about protecting users... they just want a profit.

One of my clients bought a new Dell Inspiron notebook with an integrated Verizon cellular card. He wound up needing my help getting the Verizon card set up, because every time he ran the Dell utility to manage the card, it just hour-glassed the PC for about 30 seconds, and finally returned an error message about being unable to connect to one of its components.

I fought and fought with it, checking to see if the cellular card might be disabled at the BIOS level, or if a Windows service was incorrectly set to "disabled" or something.... nope.

I finally gave up and called Dell tech support, to see if they knew anything about the issue. The tech had no clue, other than suggesting steps I already tried, and seeing if I could launch the configuration program from the START menu, as opposed to from its system tray icon (same result).

Then, on a "shot in the dark" troubleshooting step, I did a full uninstall of the McAfee Security Suite provided with the machine (with 1 year subscription). That did the trick! McAfee was blocking the cellular card utility from launching, despite its firewall not even listing it as a blocked executable or anything! Nice.....

On the other hand, I know plenty of people running active commercial anti-virus software that's been plagued with virii.

The reason?
1. No Awareness.
2. No Patching.
3. No Prudence.
4. Running Windows

There. Fixed that for you.

Worm/Virus are spread so fast these days, the AV software just can't catch up in time to prevent the infection and in quite a few cases, the Worm/Virus disables the AV software, making it more difficult (in some cases impossible) to remove the infection without booting to another OS (Live OS from a CD/USB Drive).

Except that spreading fast is nothing new. Most worms hit peak a few hours sooner than the average time it takes for the AV makers to create and push out a new profile.

That's why I use ClamWin for occasional scanning.

ClamWin, ClamAV are fine for remedial action. The best remedy, as in all things, is prevention and that can be accomplished by moving to systems that are resistant to malware. Here even the consumer unions fall flat on their faces and fail to mention the Linux distros. Most mainstream distros are years ahead of Windows as far as ease of use, maintenance and speed. The main weakness of real systems (non-M$) is that Web 2.0 script crap.

If someone wanted to make a really hardened desktop or netbook appliance, the following steps can be taken:

Split up the file system hierarchy and partitions W^X

Don't run the regular user with any admin privileges or the ability to escalate to admin.